• Home
  • Internet
  • Internet News
  • Microsoft Warns of Massive COVID 19 Themed Phishing Campaign That Lets Attackers Gain Remote Access

Microsoft Warns of Massive COVID-19 Themed Phishing Campaign That Lets Attackers Gain Remote Access

The Microsoft Security Intelligence team has detailed how the campaign is being used to remotely access systems with malicious Excel files.

Share on Facebook Tweet Snapchat Share Reddit Comment
Microsoft Warns of Massive COVID-19 Themed Phishing Campaign That Lets Attackers Gain Remote Access

Microsoft’s researchers have found NetSupport Manager is being used to gain remote access

Highlights
  • Microsoft Security Intelligence has revealed the campaign through tweets
  • Malicious emails pretend to be from John Hopkins Center
  • Microsoft has provided a sample case to show the scope of the campaign

Microsoft says a massive COVID-19 themed phishing campaign is underway, as a part of which attackers install the NetSupport Manager remote access tool to gain remote access. The new campaign, which was detected by the Microsoft Security Intelligence team, started on May 12. The malware payload comes through malicious Excel attachments that are being sent by the attackers via emails. Notably, this isn't the first time when cyber-attackers are using COVID-19 as an opportunity to hack people. Companies including Google have already warned about the increase in such phishing attacks.

Through a series of tweets, the Microsoft Security Intelligence team has detailed the ongoing phishing attacks. The team says that the campaign delivers the NetSupport Manager using emails with attachments containing malicious Excel 4.0 macros.

As per the details provided by the Microsoft team, the attack begins with emails that pretend to come from Johns Hopkins Center and show details about the active COVID-19 cases in the US. However, in reality, the emails include Excel files that once open, show a graphical representation of the coronavirus data. However, the files also include malicious Excel 4.0 macros that will prompt users to “Enable Content”. This begins the download and installation process of the NetSupport Manager client from a remote site.

covid 19 phishing email sample screenshot microsoft COVID 19  Coronavirus

Microsoft's researchers have found that emails pretend to come from John Hopkins Center carry malicious Excel files
Photo Credit: Twitter/ Microsoft Security Intelligence

 

“For several months now, we've been seeing a steady increase in the use of malicious Excel 4.0 macros in malware campaigns. In April, these Excel 4.0 campaigns jumped on the bandwagon and started using COVID-19 themed lures,” the team notes in one of its tweets.

Once the remote access tool is installed on a victim's system, the attackers can access and run commands remotely.

In a particular case, the Microsoft team has noticed that the NetSupport Manager was used to drop multiple components, including some executable files and establish connectivity with a C2 server to enable further commands from the attackers.

Pay attention to what you're downloading from emails
Users are recommended to avoid paying attention to random emails and verify email addresses from where they're receiving new emails before downloading the included attachments. Also, it is suggested to immediately change passwords if you find any odd behaviour on your system.


How are we staying sane during this Coronavirus lockdown? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Jagmeet Singh Jagmeet Singh writes about consumer technology for Gadgets 360, out of New Delhi. Jagmeet is a senior reporter for Gadgets 360, and has frequently written about apps, computer security, Internet services, and telecom developments. Jagmeet is available on Twitter at @JagmeetS13 or Email at jagmeets@ndtv.com. Please send in your leads and tips. More
Unannounced OnePlus TV, Remote Spotted on Bluetooth SIG Site
WhatsApp, Facebook Messenger Users Targeted by WolfRAT Android Malware: Cisco Researchers
 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on JioSaavn.com